Mend Vulnerability Database
Good to know:
Date: June 5, 2020
USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002. This issue affects zephyrproject-rtos zephyr: version 1.14.1 and later versions; version 2.1.0 and later versions.
Weakness Type (CWE)
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)
Upgrade to version 1.14.2, 2.1.1, 2.2.0
|Attack Vector (AV):|LOCAL|
|Attack Complexity (AC):|LOW|
|Privileges Required (PR):|LOW|
|User Interaction (UI):|NONE|
|Access Vector (AV):|LOCAL|
|Access Complexity (AC):|LOW|